Why Two-Factor Authentication Is Required
As of August 7, 2025, two-factor authentication (2FA) is required for all Keap users, including partners who manage client accounts. Two-factor authentication protects your account by requiring two separate forms of identification at login — your password plus a one-time code delivered to a device you control. This significantly reduces the risk of unauthorized access from password breaches, phishing attacks, and credential theft.
If you have not yet set up 2FA, you will be prompted to complete the setup the next time you log in. After passing a 2FA challenge on a recognized device, you will not be re-challenged for 90 days — unless a new or unrecognized device attempts to access your account.
This article covers three 2FA methods: email-based 2FA (the default), text message 2FA, and authenticator app 2FA. It also covers how to switch between methods and important account rules that apply to all methods.
Email 2FA: How It Works at Login
Email 2FA is the default method. When you log in and 2FA has not yet been configured on your account, Keap will automatically send a one-time password (OTP) to the email address on file. The steps below describe the email 2FA login flow.
On the login page, enter your username and password as usual and click Sign In.
The Keap login page displays a username field, a password field, and a Sign In button. Enter your credentials and click Sign In to proceed to the 2FA challenge step.
After entering your credentials, the 2FA challenge page will appear prompting you to enter a one-time password. Open your email inbox and look for an email from Keap with the subject line Keap 2-step authentication.
The email inbox displays an email from Keap with the subject line Keap 2-step authentication. Open this email to retrieve the one-time password.
Open the Keap 2-step authentication email and locate the six-digit one-time password in the email body.
The Keap 2-step authentication email displays a six-digit one-time password in the email body. Copy or note this code to enter on the challenge page.
Return to the Keap login challenge page and enter the six-digit code in the one-time password field.
The 2FA challenge page displays the one-time password input field, a Verify button, and a Send a new code link. Enter the six-digit code from the email in the input field.
Click Verify to complete the login. If you did not receive the email, click Send a new code to request a new one-time password. If you are unable to receive the code or no longer have access to the email address on file, contact Keap support for assistance. After successfully passing the 2FA challenge, you will be directed to your dashboard.
How to Switch to Text Message 2FA
If you prefer to receive your authentication code by text message instead of email, follow the steps below to set up text message 2FA. The steps vary slightly depending on your account type.
For Keap Pro, Ultimate, and Max Users
Click your user icon in the lower-right corner of the app and select Settings.
The user icon dropdown menu displays the Settings option. Clicking Settings opens the user settings page.
Click My profile to open your profile settings.
Scroll down the My profile page and click Edit my Login ID to open the Account Central login settings.
In Account Central, click Security settings to open the two-step authentication configuration page.
In the Two-step authentication section, click Set up next to the Text two-step authentication option.
The Two-step authentication section displays the available 2FA options. The Set up button next to the Text two-step authentication option opens the text 2FA setup flow.
Click Continue to verification to proceed to the phone number entry step.
Enter the mobile phone number you want to use to receive authentication codes and click Send code. A six-digit verification code will be sent to the phone number you entered.
The phone number entry step displays a phone number input field and a Send code button. Enter the mobile phone number that should receive text message authentication codes and click Send code.
Retrieve the six-digit verification code from the text message sent to your mobile phone. Enter the code on the verification challenge page and click Verify to confirm the phone number.
After entering and verifying the code, text message 2FA becomes the primary authentication method for future logins on new or unrecognized devices.
For Max Classic Users
Click the person icon in the app and select Manage Accounts.
Click Security settings to open the two-step authentication configuration page. Then follow Steps 5 through 8 in the Keap Pro, Ultimate, and Max section above to complete the text 2FA setup.
How to Switch to Authenticator App 2FA
If you prefer to use an authenticator app — such as Google Authenticator, Microsoft Authenticator, or Authy — to generate one-time passwords, follow the steps below. Authenticator app 2FA does not require a phone signal or email access to receive a code.
For Keap Pro, Ultimate, and Max Users
Click your user icon in the lower-right corner of the app and select Settings.
Click My profile.
Scroll down and click Edit my Login ID.
In the Two-step authentication section, click Set up next to the Authenticator App option.
Click Continue to verification.
A QR code will appear on the setup screen. Open your authenticator app on your mobile device and use the app's scan function to scan the QR code displayed on the screen.
The setup screen displays the QR code that links your account to the authenticator app. Open Google Authenticator, Microsoft Authenticator, Authy, or any compatible authenticator app and scan the QR code using the app's built-in QR scanner.
After scanning the QR code, your authenticator app will generate a six-digit code. Enter the six-digit code on the verification challenge page and click Verify to complete the setup. After successful verification, the authenticator app becomes the primary authentication method for future logins on new or unrecognized devices.
For Max Classic Users
Click the person icon and select Manage Accounts.
Click Security settings.
In the Two-step authentication section, click Set up next to the Authenticator App option.
Click Continue to verification.
A QR code will appear on the setup screen. Open your authenticator app and scan the QR code.
After scanning the QR code, your authenticator app will generate a six-digit code. Enter the six-digit code on the verification challenge page and click Verify to complete the setup. After successful verification, the authenticator app becomes the primary authentication method for future logins on new or unrecognized devices.
How to Switch Back to Email 2FA
To return to email 2FA as your primary authentication method, remove the text message 2FA or authenticator app 2FA configuration from your Security settings page. Navigate to Security settings using the steps in the relevant section above for your account type, then click Remove next to the text or authenticator app 2FA option you want to remove.
The Security settings page displays the currently configured 2FA methods. The Remove button next to a configured method removes that method and returns email 2FA as the active method.
Important Rules and Limitations
- 2FA cannot be fully disabled. At minimum, email 2FA must remain enabled at all times. Removing all 2FA methods from an account is not permitted.
- Re-challenge interval. After successfully passing a 2FA challenge on a device, you will not be re-challenged for 90 days on that same device — unless a new or unrecognized device attempts to access the account.
- Managing verified devices. You can view and remove recognized devices from the Security settings page in Account Central. Removing a device will require that device to complete a new 2FA challenge on the next login.